Provide access to QSslCertificate on OpenSSL free Windows builds

The QSslCertificate class can parse and provide details about SSL
certificates without a proper backend. This can, for instance, be used
by QtWebEngine to provide metadata about certificates, even on Windows
builds without OpenSSL, as QtWebEngine does not use Qt's SSL stack.

Change-Id: Ib48f1ed7315c5bc66721ec87ee651d8372f07f71
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Allan Sandfeld Jensen 2018-06-29 11:33:36 +02:00
parent 514972544a
commit a149659c5c
6 changed files with 46 additions and 28 deletions


@ -125,7 +125,9 @@
#include "qssl_p.h" #include "qssl_p.h"
#include "qsslcertificate.h" #include "qsslcertificate.h"
#include "qsslcertificate_p.h" #include "qsslcertificate_p.h"
#ifndef QT_NO_SSL
#include "qsslkey_p.h" #include "qsslkey_p.h"
#endif
#include <QtCore/qdir.h> #include <QtCore/qdir.h>
#include <QtCore/qdiriterator.h> #include <QtCore/qdiriterator.h>
@ -142,8 +144,12 @@ QT_BEGIN_NAMESPACE
QSslCertificate::QSslCertificate(QIODevice *device, QSsl::EncodingFormat format) QSslCertificate::QSslCertificate(QIODevice *device, QSsl::EncodingFormat format)
: d(new QSslCertificatePrivate) : d(new QSslCertificatePrivate)
{ {
#ifndef QT_NO_OPENSSL
QSslSocketPrivate::ensureInitialized(); QSslSocketPrivate::ensureInitialized();
if (device && QSslSocket::supportsSsl()) if (device && QSslSocket::supportsSsl())
#else
if (device)
#endif
d->init(device->readAll(), format); d->init(device->readAll(), format);
} }
@ -156,8 +162,10 @@ QSslCertificate::QSslCertificate(QIODevice *device, QSsl::EncodingFormat format)
QSslCertificate::QSslCertificate(const QByteArray &data, QSsl::EncodingFormat format) QSslCertificate::QSslCertificate(const QByteArray &data, QSsl::EncodingFormat format)
: d(new QSslCertificatePrivate) : d(new QSslCertificatePrivate)
{ {
#ifndef QT_NO_OPENSSL
QSslSocketPrivate::ensureInitialized(); QSslSocketPrivate::ensureInitialized();
if (QSslSocket::supportsSsl()) if (QSslSocket::supportsSsl())
#endif
d->init(data, format); d->init(data, format);
} }
@ -557,6 +565,8 @@ QList<QSslCertificate> QSslCertificate::fromData(const QByteArray &data, QSsl::E
: QSslCertificatePrivate::certificatesFromDer(data); : QSslCertificatePrivate::certificatesFromDer(data);
} }
#ifndef QT_NO_SSL
/*! /*!
Verifies a certificate chain. The chain to be verified is passed in the Verifies a certificate chain. The chain to be verified is passed in the
\a certificateChain parameter. The first certificate in the list should \a certificateChain parameter. The first certificate in the list should
@ -600,6 +610,8 @@ bool QSslCertificate::importPkcs12(QIODevice *device,
return QSslSocketBackendPrivate::importPkcs12(device, key, certificate, caCertificates, passPhrase); return QSslSocketBackendPrivate::importPkcs12(device, key, certificate, caCertificates, passPhrase);
} }
#endif
// These certificates are known to be fraudulent and were created during the comodo // These certificates are known to be fraudulent and were created during the comodo
// compromise. See http://www.comodo.com/Comodo-Fraud-Incident-2011-03-23.html // compromise. See http://www.comodo.com/Comodo-Fraud-Incident-2011-03-23.html
static const char *const certificate_blacklist[] = { static const char *const certificate_blacklist[] = {
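Review bot: The two public constructors gate `QSslSocketPrivate::ensureInitialized()` and the `QSslSocket::supportsSsl()` check on `QT_NO_OPENSSL`, while the rest of this section (the `qsslkey_p.h` include, `verify()`, `importPkcs12()`) and the `QSslCertificatePrivate` constructor hunk gate on `QT_NO_SSL`, and nothing explains the difference. If `QT_NO_OPENSSL` is also defined for the other TLS backends (the build-file section compiles `qsslcertificate_qt.cpp` for every `!qtConfig(openssl)` configuration), those builds now reach `d->init()` without the `supportsSsl()` check too, not only the backend-less ones. If that is intended, a comment above each guard would record it, e.g. `// Non-OpenSSL builds parse with Qt's own ASN.1 code and need no runtime backend check.` In the `QByteArray` constructor the `if` sits inside the `#ifndef` while its body is after the `#endif`; bracing the call or repeating it in both branches would make that harder to break in a later edit.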


@ -55,8 +55,6 @@
#include <QtCore/qmap.h> #include <QtCore/qmap.h>
#include <QtNetwork/qssl.h> #include <QtNetwork/qssl.h>
#ifndef QT_NO_SSL
QT_BEGIN_NAMESPACE QT_BEGIN_NAMESPACE
class QDateTime; class QDateTime;
@ -131,7 +129,9 @@ public:
QMultiMap<QSsl::AlternativeNameEntryType, QString> subjectAlternativeNames() const; QMultiMap<QSsl::AlternativeNameEntryType, QString> subjectAlternativeNames() const;
QDateTime effectiveDate() const; QDateTime effectiveDate() const;
QDateTime expiryDate() const; QDateTime expiryDate() const;
#ifndef QT_NO_SSL
QSslKey publicKey() const; QSslKey publicKey() const;
#endif
QList<QSslCertificateExtension> extensions() const; QList<QSslCertificateExtension> extensions() const;
QByteArray toPem() const; QByteArray toPem() const;
@ -146,6 +146,7 @@ public:
static QList<QSslCertificate> fromData( static QList<QSslCertificate> fromData(
const QByteArray &data, QSsl::EncodingFormat format = QSsl::Pem); const QByteArray &data, QSsl::EncodingFormat format = QSsl::Pem);
#ifndef QT_NO_SSL
#if QT_VERSION >= QT_VERSION_CHECK(6,0,0) #if QT_VERSION >= QT_VERSION_CHECK(6,0,0)
static QList<QSslError> verify(const QList<QSslCertificate> &certificateChain, const QString &hostName = QString()); static QList<QSslError> verify(const QList<QSslCertificate> &certificateChain, const QString &hostName = QString());
#else #else
@ -156,6 +157,7 @@ public:
QSslKey *key, QSslCertificate *cert, QSslKey *key, QSslCertificate *cert,
QList<QSslCertificate> *caCertificates = nullptr, QList<QSslCertificate> *caCertificates = nullptr,
const QByteArray &passPhrase=QByteArray()); const QByteArray &passPhrase=QByteArray());
#endif
Qt::HANDLE handle() const; Qt::HANDLE handle() const;
@ -178,6 +180,4 @@ QT_END_NAMESPACE
Q_DECLARE_METATYPE(QSslCertificate) Q_DECLARE_METATYPE(QSslCertificate)
#endif // QT_NO_SSL
#endif #endif
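Review bot: In the visible hunks `publicKey()`, `verify()` and `importPkcs12()` are the members left behind `#ifndef QT_NO_SSL`, so on a build without a TLS backend the class can parse a certificate but has no way to validate its chain, and the header does not say so. A caller that displays subject, issuer or expiry from such an object is displaying unverified input. I would add a comment above the `verify()` guard, e.g. `// No TLS backend: certificates can be parsed but not verified; treat parsed fields as untrusted metadata.`, and repeat the point in the class documentation. The class declaration starts and ends outside the visible hunks.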


@ -55,7 +55,9 @@
// We mean it. // We mean it.
// //
#ifndef QT_NO_SSL
#include "qsslsocket_p.h" #include "qsslsocket_p.h"
#endif
#include "qsslcertificateextension.h" #include "qsslcertificateextension.h"
#include <QtCore/qdatetime.h> #include <QtCore/qdatetime.h>
#include <QtCore/qmap.h> #include <QtCore/qmap.h>
@ -83,7 +85,9 @@ public:
QSslCertificatePrivate() QSslCertificatePrivate()
: null(true), x509(0) : null(true), x509(0)
{ {
#ifndef QT_NO_SSL
QSslSocketPrivate::ensureInitialized(); QSslSocketPrivate::ensureInitialized();
#endif
} }
~QSslCertificatePrivate() ~QSslCertificatePrivate()


@ -41,8 +41,10 @@
#include "qsslcertificate_p.h" #include "qsslcertificate_p.h"
#include "qssl_p.h" #include "qssl_p.h"
#ifndef QT_NO_SSL
#include "qsslkey.h" #include "qsslkey.h"
#include "qsslkey_p.h" #include "qsslkey_p.h"
#endif
#include "qsslcertificateextension.h" #include "qsslcertificateextension.h"
#include "qsslcertificateextension_p.h" #include "qsslcertificateextension_p.h"
#include "qasn1element_p.h" #include "qasn1element_p.h"
@ -145,6 +147,7 @@ Qt::HANDLE QSslCertificate::handle() const
} }
#endif #endif
#ifndef QT_NO_SSL
QSslKey QSslCertificate::publicKey() const QSslKey QSslCertificate::publicKey() const
{ {
QSslKey key; QSslKey key;
@ -155,6 +158,7 @@ QSslKey QSslCertificate::publicKey() const
} }
return key; return key;
} }
#endif
QList<QSslCertificateExtension> QSslCertificate::extensions() const QList<QSslCertificateExtension> QSslCertificate::extensions() const
{ {


@ -48,9 +48,6 @@
QT_BEGIN_NAMESPACE QT_BEGIN_NAMESPACE
#ifndef QT_NO_SSL
class QSslCertificateExtensionPrivate; class QSslCertificateExtensionPrivate;
class Q_NETWORK_EXPORT QSslCertificateExtension class Q_NETWORK_EXPORT QSslCertificateExtension
@ -80,8 +77,6 @@ private:
Q_DECLARE_SHARED(QSslCertificateExtension) Q_DECLARE_SHARED(QSslCertificateExtension)
#endif // QT_NO_SSL
QT_END_NAMESPACE QT_END_NAMESPACE


@ -1,11 +1,22 @@
# OpenSSL support; compile in QSslSocket. # OpenSSL support; compile in QSslSocket.
qtConfig(ssl) {
HEADERS += ssl/qasn1element_p.h \ HEADERS += ssl/qasn1element_p.h \
ssl/qssl.h \ ssl/qssl.h \
ssl/qssl_p.h \ ssl/qssl_p.h \
ssl/qsslcertificate.h \ ssl/qsslcertificate.h \
ssl/qsslcertificate_p.h \ ssl/qsslcertificate_p.h \
ssl/qsslconfiguration.h \ ssl/qsslcertificateextension.h \
ssl/qsslcertificateextension_p.h
SOURCES += ssl/qasn1element.cpp \
ssl/qssl.cpp \
ssl/qsslcertificate.cpp \
ssl/qsslcertificateextension.cpp
!qtConfig(openssl): SOURCES += ssl/qsslcertificate_qt.cpp
qtConfig(ssl) {
HEADERS += ssl/qsslconfiguration.h \
ssl/qsslconfiguration_p.h \ ssl/qsslconfiguration_p.h \
ssl/qsslcipher.h \ ssl/qsslcipher.h \
ssl/qsslcipher_p.h \ ssl/qsslcipher_p.h \
@ -18,26 +29,19 @@ qtConfig(ssl) {
ssl/qsslsocket.h \ ssl/qsslsocket.h \
ssl/qsslsocket_p.h \ ssl/qsslsocket_p.h \
ssl/qsslpresharedkeyauthenticator.h \ ssl/qsslpresharedkeyauthenticator.h \
ssl/qsslpresharedkeyauthenticator_p.h \ ssl/qsslpresharedkeyauthenticator_p.h
ssl/qsslcertificateextension.h \ SOURCES += ssl/qsslconfiguration.cpp \
ssl/qsslcertificateextension_p.h
SOURCES += ssl/qasn1element.cpp \
ssl/qssl.cpp \
ssl/qsslcertificate.cpp \
ssl/qsslconfiguration.cpp \
ssl/qsslcipher.cpp \ ssl/qsslcipher.cpp \
ssl/qssldiffiehellmanparameters.cpp \ ssl/qssldiffiehellmanparameters.cpp \
ssl/qsslellipticcurve.cpp \ ssl/qsslellipticcurve.cpp \
ssl/qsslkey_p.cpp \ ssl/qsslkey_p.cpp \
ssl/qsslerror.cpp \ ssl/qsslerror.cpp \
ssl/qsslsocket.cpp \ ssl/qsslsocket.cpp \
ssl/qsslpresharedkeyauthenticator.cpp \ ssl/qsslpresharedkeyauthenticator.cpp
ssl/qsslcertificateextension.cpp
winrt { winrt {
HEADERS += ssl/qsslsocket_winrt_p.h HEADERS += ssl/qsslsocket_winrt_p.h
SOURCES += ssl/qsslcertificate_qt.cpp \ SOURCES += ssl/qsslcertificate_winrt.cpp \
ssl/qsslcertificate_winrt.cpp \
ssl/qssldiffiehellmanparameters_dummy.cpp \ ssl/qssldiffiehellmanparameters_dummy.cpp \
ssl/qsslkey_qt.cpp \ ssl/qsslkey_qt.cpp \
ssl/qsslkey_winrt.cpp \ ssl/qsslkey_winrt.cpp \
@ -47,8 +51,7 @@ qtConfig(ssl) {
qtConfig(securetransport) { qtConfig(securetransport) {
HEADERS += ssl/qsslsocket_mac_p.h HEADERS += ssl/qsslsocket_mac_p.h
SOURCES += ssl/qsslcertificate_qt.cpp \ SOURCES += ssl/qssldiffiehellmanparameters_dummy.cpp \
ssl/qssldiffiehellmanparameters_dummy.cpp \
ssl/qsslkey_qt.cpp \ ssl/qsslkey_qt.cpp \
ssl/qsslkey_mac.cpp \ ssl/qsslkey_mac.cpp \
ssl/qsslsocket_mac_shared.cpp \ ssl/qsslsocket_mac_shared.cpp \